Abstract. We define a notion of normal form bisimilarity for the untyped
call-by-value λ-calculus extended with the delimited-control operators shift
and reset. Normal form bisimilarities are simple, easy-to-use behavioral
equivalences which relate terms without having to test them within all contexts
(like contextual equivalence), or by applying them to function arguments (like
applicative bisimilarity). We prove that the normal form bisimilarity for shift
and reset is sound but not complete w.r.t. contextual equivalence and we define
up-to techniques that aim at simplifying bisimulation proofs. Finally, we
illustrate the simplicity of the techniques we develop by proving several
equivalences on terms.



1 Introduction 

Morris-style contextual equivalence [15] is usually considered as the most
natural behavioral equivalence for functional languages based on λ-calculi.
Roughly, two terms are equivalent if we can exchange one for the other in a
bigger program without affecting its behavior (i.e., whether it terminates or
not). The quantification over program contexts makes contextual equivalence hard
to use in practice and, therefore, it is common to look for easier-to-use
behavioral equivalences, such as bisimilarities.

Several kinds of bisimilarity relations have been defined so far, such as
applicative bisimilarity [1], normal form bisimilarity [11] (originally defined
in [16], where it was called open bisimilarity), and environmental bisimilarity
[17]. Applicative and environmental bisimilarities usually compare terms by
applying them to function arguments; as a result, we obtain relations which
completely characterize contextual equivalence, but still contain a universal
quantification over arguments in their definitions. In contrast, normal form
bisimilarity does not need such quantification; it equates terms by reducing
them to normal form, and by requiring the sub-terms of these normal forms to be
bisimilar. Normal form relations are convenient in practice, but they are
usually not complete w.r.t. contextual equivalence, i.e., there exist
contextually equivalent terms that are not normal form bisimilar.

A notion of normal form bisimulation has been defined in various calculi,
including the pure λ-calculus [10,11], the λ-calculus with ambiguous choice [12],
the λμ-calculus [13], and the λμρ-calculus [19], where normal form bisimilarity
completely characterizes contextual equivalence. However, it has not yet been
defined for calculi with delimited-control operators, such as shift and reset
[6] — programming constructs rapidly gaining currency in the recent years. Unlike
abortive control operators (such as call/cc), delimited-control operators allow
one to delimit access to the current continuation and to compose continuations.
The operators shift and reset were introduced as a direct-style realization of
the traditional success/failure continuation model of backtracking otherwise
expressible only in continuation-passing style [6]. The numerous theoretical and
practical applications of shift and reset (see, e.g., [2] for an extensive list)
include the seminal result by Filinski showing that a programming language
endowed with shift and reset is monadically complete [7].

Up to now, only an applicative bisimilarity has been defined for a calculus 
with shift and reset [4]. In this paper, we define several notions of normal form 
bisimilarity for such a calculus, more tractable than contextual equivalence or 
applicative bisimilarity. We prove they are sound w.r.t. contextual equivalence 
(i.e., included in contextual equivalence), but fail to be complete. We also develop 
up-to techniques that are helpful when proving equivalences with normal form 
bisimulations. 

In Section 2, we define the λ-calculus with delimited control that we use in
this paper, and we recall the definition of contextual equivalence of [4] for
this calculus. We then define in Section 3 the main notion of normal form
bisimilarity and we prove its properties. In Section 4, we refine the definition
of normal form bisimilarity to relate more contextually equivalent terms, at the
cost of extra complexity in bisimulation proofs. We also propose several up-to
techniques which simplify the proofs of equivalence of terms. In Section 5, we
illustrate the simplicity of use (compared to applicative bisimilarity) of the
notions we define by employing them in the proofs of several equivalences of
terms. Section 6 concludes the paper, and Appendix A contains the congruence
proofs of the considered normal form bisimilarities.

2 The Calculus $\lambda_{\mathcal{S}}$

In this section, we present the syntax, reduction semantics, and contextual
equivalence for the language $\lambda_{\mathcal{S}}$ studied throughout this
article.

2.1 Syntax 

The language $\lambda_{\mathcal{S}}$ extends the call-by-value λ-calculus with
the delimited-control operators shift and reset [6]. We assume we have a set of
term variables, ranged over by $x$, $y$, $z$, and $k$. We use the metavariable
$k$ for term variables representing a continuation (e.g., when bound with a
shift), while $x$, $y$, and $z$ stand for any values; we believe such
distinction helps to understand examples and reduction rules. The syntax of
terms and values is given by the following grammars:

Terms:  $t ::= x \mid \lambda x.t \mid t\,t \mid \mathcal{S}k.t \mid \langle t \rangle$
Values: $v ::= \lambda x.t \mid x$

The operator shift ($\mathcal{S}k.t$) is a capture operator, the extent of which
is determined by the delimiter reset ($\langle \cdot \rangle$). A λ-abstraction
$\lambda x.t$ binds $x$ in $t$ and a shift construct $\mathcal{S}k.t$ binds $k$
in $t$; terms are equated up to α-conversion of their bound variables. The set
of free variables of $t$ is written $\mathrm{fv}(t)$; a term is closed if it
does not contain free variables.

We distinguish several kinds of contexts, as follows. 

Pure contexts:       $E ::= \square \mid v\,E \mid E\,t$

Evaluation contexts: $F ::= \square \mid v\,F \mid F\,t \mid \langle F \rangle$

Contexts:            $C ::= \square \mid \lambda x.C \mid t\,C \mid C\,t \mid \mathcal{S}k.C \mid \langle C \rangle$

Regular contexts are ranged over by $C$. The pure evaluation contexts¹
(abbreviated as pure contexts), ranged over by $E$, represent delimited
continuations and can be captured by the shift operator. The call-by-value
evaluation contexts, ranged over by $F$, represent arbitrary continuations and
encode the chosen reduction strategy. Filling a context $C$ (respectively $E$,
$F$) with a term $t$ produces a term, written $C[t]$ (respectively $E[t]$,
$F[t]$); the free variables of $t$ may be captured in the process. A context is
closed if it contains only closed terms.

2.2 Reduction Semantics 

Before we present the reduction semantics for $\lambda_{\mathcal{S}}$, let us
briefly describe an intuitive semantics of shift and reset by means of an
example written in SML, using Filinski's implementation of shift and reset [7].

Example 1. The following function copies a list [3], where the SML expression
shift (fn k => t) corresponds to $\mathcal{S}k.t$ and reset (fn () => t)
corresponds to $\langle t \rangle$:

    fun copy xs =
      let fun visit nil = nil
            | visit (x::xs) = visit (shift (fn k => x :: (k xs)))
      in reset (fn () => visit xs) end

This simple function illustrates the main ideas of programming with shift and
reset:

• The control delimiter reset delimits continuations. Any control effects
  occurring in the subsequent calls to function visit are local to function
  copy.

• The control operator shift captures delimited continuations. Each but last
  recursive call to visit abstracts the continuation that can be represented
  as a function fn v => reset (fn () => visit v) and binds it to k.

• Captured continuations are composed statically. When applied, in the
  expression x :: (k xs), the captured continuation becomes the current
  delimited continuation that is isolated from the rest of the program, and in
  particular from the expression x :: , by a control delimiter — witness the
  control delimiter in the expression fn v => reset (fn () => visit v)
  representing the captured continuation.

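¹ This terminology comes from Kameyama (e.g., in [8]).

Formally, the call-by-value reduction semantics of $\lambda_{\mathcal{S}}$ is
defined as follows, where $t\{v/x\}$ is the usual capture-avoiding substitution
of $v$ for $x$ in $t$:

$$(\beta_v) \quad F[(\lambda x.t)\,v] \rightarrow_v F[t\{v/x\}]$$

$$(\mathit{shift}) \quad F[\langle E[\mathcal{S}k.t] \rangle] \rightarrow_v F[\langle t\{\lambda x.\langle E[x] \rangle/k\} \rangle] \quad \text{with } x \notin \mathrm{fv}(E)$$

$$(\mathit{reset}) \quad F[\langle v \rangle] \rightarrow_v F[v]$$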

The term $(\lambda x.t)\,v$ is the usual call-by-value redex for β-reduction
(rule $(\beta_v)$). The operator $\mathcal{S}k.t$ captures its surrounding
context $E$ up to the dynamically nearest enclosing reset, and substitutes
$\lambda x.\langle E[x] \rangle$ for $k$ in $t$ (rule (shift)). If a reset is
enclosing a value, then it has no purpose as a delimiter for a potential
capture, and it can be safely removed (rule (reset)). All these reductions may
occur within a metalevel context $F$. The chosen call-by-value evaluation
strategy is encoded in the grammar of the evaluation contexts.

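Example 2. Let $i = \lambda x.x$ and $\omega = \lambda x.x\,x$. We present the
sequence of reductions initiated by
$\langle ((\mathcal{S}k_1.i\,(k_1\,i))\;\mathcal{S}k_2.\omega)\;(\omega\,\omega) \rangle$.
The term $\mathcal{S}k_1.i\,(k_1\,i)$ is within the pure context
$E = (\square\;\mathcal{S}k_2.\omega)\;(\omega\,\omega)$, enclosed in a delimiter
$\langle \cdot \rangle$, so $E$ is captured according to rule (shift).

$$\langle ((\mathcal{S}k_1.i\,(k_1\,i))\;\mathcal{S}k_2.\omega)\;(\omega\,\omega) \rangle \rightarrow_v \langle i\;((\lambda x.\langle (x\;\mathcal{S}k_2.\omega)\;(\omega\,\omega) \rangle)\;i) \rangle$$

The role of reset in $\lambda x.\langle E[x] \rangle$ is more clear after
reduction of the $\beta_v$-redex $(\lambda x.\langle E[x] \rangle)\;i$.

$$\langle i\;((\lambda x.\langle (x\;\mathcal{S}k_2.\omega)\;(\omega\,\omega) \rangle)\;i) \rangle \rightarrow_v \langle i\;\langle (i\;\mathcal{S}k_2.\omega)\;(\omega\,\omega) \rangle \rangle$$

When the captured context $E$ is reactivated, it is not merged with the context
$i\;\square$, but composed thanks to the reset enclosing $E$. As a result, the
capture triggered by $\mathcal{S}k_2.\omega$ leaves the term $i$ outside the
first enclosing reset untouched.

$$\langle i\;\langle (i\;\mathcal{S}k_2.\omega)\;(\omega\,\omega) \rangle \rangle \rightarrow_v \langle i\;\langle \omega \rangle \rangle$$

Because $k_2$ does not occur in $\omega$, the context
$(i\;\square)\;(\omega\,\omega)$ is discarded when captured by
$\mathcal{S}k_2.\omega$. Finally, we remove the useless delimiter
$\langle i\;\langle \omega \rangle \rangle \rightarrow_v \langle i\;\omega \rangle$
with rule (reset), and we then $\beta_v$-reduce and remove the last delimiter
$\langle i\;\omega \rangle \rightarrow_v \langle \omega \rangle \rightarrow_v \omega$.
Note that while the reduction strategy is call-by-value, some function arguments
are not evaluated, like the non-terminating term $\omega\,\omega$ in this
example.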

There exist terms which are not values and which cannot be reduced any 
further; these are called stuck terms. 

Definition 1. A term $t$ is stuck if $t$ is not a value and
$t \not\rightarrow_v$.

For example, the term $E[\mathcal{S}k.t]$ is stuck because there is no enclosing
reset; the capture of $E$ by the shift operator cannot be triggered. In fact,
stuck terms are easy to characterize.

Lemma 1. A term $t$ is stuck iff $t = E[\mathcal{S}k.t']$ for some $E$, $k$, and
$t'$ or $t = F[x\,v]$ for some $F$, $x$, and $v$.






We call control stuck terms terms of the form $E[\mathcal{S}k.t]$ and open stuck
terms the terms of the form $F[x\,v]$.

Definition 2. A term $t$ is a normal form if $t$ is a value or a stuck term.

We call redexes (ranged over by $r$) terms of the form $(\lambda x.t)\,v$,
$\langle E[\mathcal{S}k.t] \rangle$, and $\langle v \rangle$. Thanks to the
following unique-decomposition property, the reduction relation $\rightarrow_v$
is deterministic.

Lemma 2. For all terms $t$, either $t$ is a normal form, or there exist a unique
redex $r$ and a unique context $F$ such that $t = F[r]$.

Finally, we write $\rightarrow_v^*$ for the transitive and reflexive closure of
$\rightarrow_v$, and we define the evaluation relation of
$\lambda_{\mathcal{S}}$ as follows.

Definition 3. We write $t \Downarrow_v t'$ if $t \rightarrow_v^* t'$ and
$t' \not\rightarrow_v$.

The result of the evaluation of a term, if it exists, is a normal form. If a
term $t$ admits an infinite reduction sequence, we say it diverges, written
$t \Uparrow_v$. In the rest of the article, we use extensively
$\Omega = (\lambda x.x\,x)\;(\lambda x.x\,x)$ as an example of such a term.
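
The three reduction rules, the unique decomposition of Lemma 2 and the stuck-term characterisation of Lemma 1 can be exercised mechanically. The following evaluator is an added example, not code from the paper; the tuple encoding of terms and every function name in it are assumptions made here. It replays Example 2 and classifies normal forms.

```python
import itertools

# Term encoding (an assumption of this example, not notation from the paper):
#   ('var', x) | ('lam', x, t) | ('app', t, u) | ('shift', k, t) | ('reset', t)
def var(x): return ('var', x)
def lam(x, t): return ('lam', x, t)
def app(t, u): return ('app', t, u)
def shift(k, t): return ('shift', k, t)
def reset(t): return ('reset', t)
def is_value(t): return t[0] in ('var', 'lam')
_ids = itertools.count()
def fresh(): return f"_{next(_ids)}"      # cannot clash with the names used below

def fv(t):
    if t[0] == 'var':
        return {t[1]}
    if t[0] in ('lam', 'shift'):
        return fv(t[2]) - {t[1]}
    return set().union(*(fv(s) for s in t[1:]))       # app or reset

def subst(t, x, v):
    """Capture-avoiding substitution t{v/x}."""
    if t[0] == 'var':
        return v if t[1] == x else t
    if t[0] in ('app', 'reset'):
        return (t[0],) + tuple(subst(s, x, v) for s in t[1:])
    tag, y, body = t                                  # binder: lambda or shift
    if y == x:
        return t
    if y in fv(v):                                    # rename y so it cannot capture
        z = fresh()
        body, y = subst(body, y, var(z)), z
    return (tag, y, subst(body, x, v))

def split_shift(t):
    """(E, k, b) if t = E[Sk.b] for a pure context E (a hole-plugging function), else None."""
    if t[0] == 'shift':
        return (lambda h: h), t[1], t[2]
    if t[0] == 'app':
        i = 2 if is_value(t[1]) else 1                # hole position: v E, else E t
        r = split_shift(t[i])
        if r:
            return (lambda h: t[:i] + (r[0](h),) + t[i + 1:]), r[1], r[2]
    return None

def step(t):
    """One reduction step in the unique evaluation context F, or None for a normal form."""
    if t[0] == 'app':
        f, a = t[1], t[2]
        if is_value(f) and is_value(a):
            return subst(f[2], f[1], a) if f[0] == 'lam' else None   # (beta_v) or stuck x v
        i = 2 if is_value(f) else 1                   # reduce under v F, else under F t
        sub = step(t[i])
        return None if sub is None else t[:i] + (sub,) + t[i + 1:]
    if t[0] == 'reset':
        body = t[1]
        if is_value(body):                            # (reset)
            return body
        cap = split_shift(body)
        if cap:                                       # (shift): body = E[Sk.b]
            E, k, b = cap
            x = fresh()                               # guarantees x not in fv(E)
            return reset(subst(b, k, lam(x, reset(E(var(x))))))
        sub = step(body)                              # reduce under <F>
        return None if sub is None else reset(sub)
    return None                                       # variable, lambda, or bare shift

def evaluate(t, fuel=1000):
    """(normal form, steps taken), or (None, fuel) when none is reached within fuel steps."""
    for n in range(fuel):
        nxt = step(t)
        if nxt is None:
            return t, n
        t = nxt
    return None, fuel

def classify(nf):
    """Kind of a normal form (Lemma 1): value, control stuck E[Sk.t], or open stuck F[x v]."""
    if is_value(nf):
        return 'value'
    return 'control stuck' if split_shift(nf) else 'open stuck'

def show(t):
    if t[0] == 'var':
        return t[1]
    if t[0] in ('lam', 'shift'):
        return f"({'λ' if t[0] == 'lam' else 'S'}{t[1]}.{show(t[2])})"
    return f"<{show(t[1])}>" if t[0] == 'reset' else f"({show(t[1])} {show(t[2])})"

I = lam('x', var('x'))                                # i
W = lam('x', app(var('x'), var('x')))                 # omega
OMEGA = app(W, W)                                     # the diverging term
EXAMPLE2 = reset(app(app(shift('k1', app(I, app(var('k1'), I))), shift('k2', W)), OMEGA))

if __name__ == "__main__":
    t = EXAMPLE2
    while t is not None:                              # prints Example 2's reduction sequence
        print(show(t))
        t = step(t)
```

Running the file prints the initial term of Example 2 followed by its six reducts; the captured continuations appear with machine-generated parameter names such as `_0`.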

2.3 Contextual Equivalence 

In this paper, we use the same contextual equivalence as in [4], where control 
stuck terms can be observed. Note that this relation is a bit more discriminative 
than simply observing termination, as pointed out in [4]. 

Definition 4. Let $t_0$, $t_1$ be terms. We write $t_0 \approx_c t_1$ if for all
$C$ such that $C[t_0]$ and $C[t_1]$ are closed, the following hold:

— $C[t_0] \Downarrow_v v_0$ implies $C[t_1] \Downarrow_v v_1$;

— $C[t_0] \Downarrow_v t_0'$, where $t_0'$ is control stuck, implies
  $C[t_1] \Downarrow_v t_1'$, with $t_1'$ control stuck as well;

and conversely for $C[t_1]$.

We can simplify the proofs of contextual equivalence of terms by relying on the
following context lemma [14] for $\lambda_{\mathcal{S}}$ (for a proof see
Definition 5 and Section 3.4 in [4]). Instead of testing terms with
(free-variables capturing) general contexts, we can simply first close them
(using closed values) and then put them within (closed) evaluation contexts.

Lemma 3 (Context Lemma). We have $t_0 \approx_c t_1$ iff for all closed contexts
$F$ and for all substitutions $\sigma$ (mapping variables to closed values) such
that $t_0\sigma$ and $t_1\sigma$ are closed, the following hold:

— $F[t_0\sigma] \Downarrow_v v_0$ implies $F[t_1\sigma] \Downarrow_v v_1$;

— $F[t_0\sigma] \Downarrow_v t_0'$, where $t_0'$ is control stuck, implies
  $F[t_1\sigma] \Downarrow_v t_1'$, with $t_1'$ control stuck as well;

and conversely for $F[t_1\sigma]$.

In the rest of the paper, when proving that terms are contextually equivalent,
we implicitly use Lemma 3.

3 Normal Form Bisimilarity



In this section, we discuss a notion of bisimulation based on the evaluation of 
terms to normal forms. The difficulties are mainly in the handling of control stuck 
terms and in the definition of the relation on non-pure evaluation contexts. We 
propose here a first way to deal with control stuck terms, that will be refined in 
the next section. In any definitions or proofs, we say a variable is fresh if it does 
not occur free in the terms or contexts under consideration. 

3.1 Definition 

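Following Lassen's approach [11], we define a normal form bisimulation where we
relate terms by comparing the results of their evaluation (if they exist). As we
need to compare terms as well as evaluation contexts, we extend a relation
$\mathcal{R}$ on terms to contexts in the following way: we write
$F_0 \mathrel{\mathcal{R}} F_1$ if $F_0 = F_0'[\langle E_0 \rangle]$,
$F_1 = F_1'[\langle E_1 \rangle]$, $F_0'[x] \mathrel{\mathcal{R}} F_1'[x]$, and
$\langle E_0[x] \rangle \mathrel{\mathcal{R}} \langle E_1[x] \rangle$ for a
fresh $x$, or if $F_0 = E_0$, $F_1 = E_1$, and
$E_0[x] \mathrel{\mathcal{R}} E_1[x]$ for a fresh $x$. The rationale behind this
definition is explained later. Following [11], we define the application
$v \star y$ as $x\,y$ if $v = x$, and as $t\{y/x\}$ if $v = \lambda x.t$.
Finally, given a relation $\mathcal{R}$ on terms, we write $\mathcal{R}^{-1}$
for its inverse, and we inductively define a relation
$\mathcal{R}^{\mathrm{NF}}$ on normal forms as follows:

$$\frac{v_0 \star x \mathrel{\mathcal{R}} v_1 \star x \quad x \text{ fresh}}{v_0 \mathrel{\mathcal{R}^{\mathrm{NF}}} v_1} \qquad \frac{E_0 \mathrel{\mathcal{R}} E_1 \quad \langle t_0 \rangle \mathrel{\mathcal{R}} \langle t_1 \rangle}{E_0[\mathcal{S}k.t_0] \mathrel{\mathcal{R}^{\mathrm{NF}}} E_1[\mathcal{S}k.t_1]} \qquad \frac{F_0 \mathrel{\mathcal{R}} F_1 \quad v_0 \mathrel{\mathcal{R}^{\mathrm{NF}}} v_1}{F_0[x\,v_0] \mathrel{\mathcal{R}^{\mathrm{NF}}} F_1[x\,v_1]}$$

Definition 5. A relation $\mathcal{R}$ on terms is a normal form simulation if
$t_0 \mathrel{\mathcal{R}} t_1$ and $t_0 \Downarrow_v t_0'$ implies
$t_1 \Downarrow_v t_1'$ and $t_0' \mathrel{\mathcal{R}^{\mathrm{NF}}} t_1'$. A
relation $\mathcal{R}$ is a normal form bisimulation if both $\mathcal{R}$ and
$\mathcal{R}^{-1}$ are normal form simulations. Normal form bisimilarity,
written $\approx$, is the largest normal form bisimulation.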

Henceforth, we often drop the "normal form" attribute when talking about
bisimulations for brevity. Two terms $t_0$ and $t_1$ are bisimilar if their
evaluations lead to matching normal forms (e.g., if $t_0$ evaluates to a control
stuck term, then so does $t_1$) with bisimilar sub-components. We now detail the
different cases.

Normal form bisimilarity does not distinguish between evaluation to a variable
and evaluation to a λ-abstraction. Instead, we relate terms evaluating to any
values $v_0$ and $v_1$ by comparing $v_0 \star x$ and $v_1 \star x$, where $x$
is fresh. As originally pointed out by Lassen [11], this is necessary for the
bisimilarity to be sound w.r.t. η-expansion; otherwise it would distinguish
η-equivalent terms such as $\lambda y.x\,y$ and $x$. Using $\star$ instead of
regular application avoids the introduction of unnecessary β-redexes, which
could reveal themselves problematic in proofs.

For a control stuck term $E_0[\mathcal{S}k.t_0]$ to be executed, it has to be
plugged into an evaluation context surrounded by a reset; by doing so, we obtain
a term of the form $\langle t_0\{\lambda x.\langle E_0'[x] \rangle/k\} \rangle$
for some context $E_0'$. Notice that the resulting term is within a reset;
similarly, when comparing $E_0[\mathcal{S}k.t_0]$ and $E_1[\mathcal{S}k.t_1]$,
we ask for the shift bodies $t_0$ and $t_1$ to be related when surrounded by a
reset. We also compare $E_0$ and $E_1$, which amounts to executing $E_0[x]$ and
$E_1[x]$ for a fresh $x$, since the two contexts are pure. Comparing $t_0$ and
$t_1$ without reset would be too discriminating, as it would distinguish the two
contextually equivalent terms $\mathcal{S}k.\langle t \rangle$ and
$\mathcal{S}k.t$.² Indeed, without reset, we would have to relate
$\langle t \rangle$ and $t$, which are not equivalent in general (take
$t = \mathcal{S}k'.v$ for some $v$), while Definition 5 requires
$\langle\langle t \rangle\rangle$ and $\langle t \rangle$ to be related (which
holds for all $t$; see Example 3).

Two normal forms $F_0[x\,v_0]$ and $F_1[x\,v_1]$ are bisimilar if the values
$v_0$ and $v_1$ as well as the contexts $F_0$ and $F_1$ are related. We have to
be careful when defining bisimilarity on (possibly non pure) evaluation
contexts. We cannot simply relate $F_0$ and $F_1$ by executing $F_0[y]$ and
$F_1[y]$ for a fresh $y$. Such a definition would equate the contexts $\square$
and $\langle \square \rangle$, which in turn would relate the terms $x\,v$ and
$\langle x\,v \rangle$, which are not contextually equivalent: they are
distinguished by the context
$(\lambda x.\square)\;\lambda y.\mathcal{S}k.\Omega$. A context containing a
reset enclosing the hole should be related only to contexts with the same
property. However, we do not want to precisely count the number of delimiters
around the hole; doing so would distinguish $\langle \square \rangle$ and
$\langle\langle \square \rangle\rangle$, and therefore it would discriminate the
contextually equivalent terms $\langle x\,v \rangle$ and
$\langle\langle x\,v \rangle\rangle$. Hence, the extension of bisimulation to
contexts (given before Definition 5) checks that if one of the contexts contains
a reset surrounding the hole, then so does the other; then it compares the
contexts beyond the first enclosing delimiter by simply evaluating them using a
fresh variable. As a result, it rightfully distinguishes $\square$ and
$\langle \square \rangle$, but it relates $\langle \square \rangle$ and
$\langle\langle \square \rangle\rangle$.

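Example 3. We prove that $\langle t \rangle \approx \langle\langle t \rangle\rangle$
by showing that
$\mathcal{R} = \{(\langle t \rangle, \langle\langle t \rangle\rangle)\} \cup \approx$
is a bisimulation. If $\langle t \rangle \Downarrow_v v$, then
$\langle\langle t \rangle\rangle \Downarrow_v v$, and
$v \mathrel{\approx^{\mathrm{NF}}} v$ holds. The case
$\langle t \rangle \Downarrow_v E[\mathcal{S}k.t']$ is not possible; one can
check that if $\langle t \rangle \rightarrow_v t'$, then $t'$ is a value, or can
be written $\langle t'' \rangle$ for some $t''$ (and the same holds for
$\langle t \rangle \Downarrow_v t'$).

If $\langle t \rangle \Downarrow_v F[x\,v]$, then there exists $F'$ such that
$t \Downarrow_v F'[x\,v]$ and $F = \langle F' \rangle$. Therefore, we have
$\langle\langle t \rangle\rangle \Downarrow_v \langle\langle F'[x\,v] \rangle\rangle$.
We have $v \mathrel{\approx^{\mathrm{NF}}} v$, and we have to prove that
$\langle F' \rangle \mathrel{\mathcal{R}} \langle\langle F' \rangle\rangle$ to
conclude. If $F'$ is a pure context $E$, then we have to prove
$\langle E[y] \rangle \mathrel{\mathcal{R}} \langle E[y] \rangle$ and
$y \mathrel{\mathcal{R}} \langle y \rangle$ for a fresh $y$, which are both true
because $\approx\, \subseteq \mathcal{R}$. If $F' = F''[\langle E \rangle]$,
then given a fresh $y$, we have to prove
$\langle F''[y] \rangle \mathrel{\mathcal{R}} \langle\langle F''[y] \rangle\rangle$
(clear by the definition of $\mathcal{R}$), and
$\langle E[y] \rangle \mathrel{\mathcal{R}} \langle E[y] \rangle$ (true because
$\approx\, \subseteq \mathcal{R}$).

Similarly, it is easy to check that the evaluations of
$\langle\langle t \rangle\rangle$ are matched by $\langle t \rangle$.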

Example 4. In [5], the authors propose variants of Curry's and Turing's
call-by-value fixed point combinators using shift and reset. Let
$\theta = \lambda x y.y\;(\lambda z.x\,x\,y\,z)$. We prove that Turing's
combinator $t_0 = \theta\,\theta$ is bisimilar to its shift and reset variant
$t_1 = \langle \theta\;\mathcal{S}k.k\,k \rangle$. We build the candidate
relation $\mathcal{R}$ incrementally, starting from $(t_0, t_1)$. Evaluating
$t_0$ and $t_1$, we obtain
$t_0 \Downarrow_v \lambda y.y\;(\lambda z.\theta\,\theta\,y\,z) = v_0$ and
$t_1 \Downarrow_v \lambda y.y\;(\lambda z.(\lambda x.\langle \theta\,x \rangle)\;(\lambda x.\langle \theta\,x \rangle)\;y\;z) = v_1$;
we have to add $(v_0 \star y, v_1 \star y)$ (for a fresh $y$) to $\mathcal{R}$.
To relate these terms, we must add $(v_0' \star z, v_1' \star z)$ and $(z, z)$
for a fresh $z$ to $\mathcal{R}$, where
$v_0' = \lambda z.\theta\,\theta\,y\,z$ and
$v_1' = \lambda z.(\lambda x.\langle \theta\,x \rangle)\;(\lambda x.\langle \theta\,x \rangle)\;y\;z$.
Evaluating $v_0' \star z$ and $v_1' \star z$, we obtain respectively
$y\,v_0'\,z$ and $y\,v_1'\,z$; to relate these two normal forms, we just need to
add $(x\,z, x\,z)$ (for a fresh $x$) to $\mathcal{R}$, since we already have
$v_0' \mathrel{\mathcal{R}^{\mathrm{NF}}} v_1'$. One can check that the
constructed relation $\mathcal{R}$ is a normal form bisimulation.

² The equivalence $\mathcal{S}k.\langle t \rangle = \mathcal{S}k.t$ comes from
Kameyama and Hasegawa's axiomatization of shift and reset [8] and has been
proved using applicative bisimilarity in [4].

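In contrast, Curry's combinator $t_0' = \lambda x.\delta_x\,\delta_x$, where
$\delta_x = \lambda y.x\;(\lambda z.y\,y\,z)$, is not bisimilar to its
delimited-control variant
$t_1' = \lambda x.\langle \delta_x\;\mathcal{S}k.k\,k \rangle$. Indeed,
evaluating the bodies of the two values, we obtain respectively
$x\;(\lambda z.\delta_x\,\delta_x\,z)$ and
$\langle\langle x\;(\lambda z.(\lambda y.\langle \delta_x\,y \rangle)\;(\lambda y.\langle \delta_x\,y \rangle)\;z) \rangle\rangle$,
and these open stuck terms are not bisimilar, because
$\square \not\approx \langle\langle \square \rangle\rangle$. In fact, $t_0'$ and
$t_1'$ are distinguished by the context
$\square\;\lambda x.\mathcal{S}k.\Omega$. Finally, we can prove that the two
original combinators $\theta\,\theta$ and $\lambda x.\delta_x\,\delta_x$ are
bisimilar, using the same bisimulation as in [11].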

3.2 Soundness and Completeness 

Usual congruence proofs for normal form bisimilarities include direct proofs,
where a context and/or substitutive closure of the bisimilarity is proved to be
itself a bisimulation [10,12,19], and proofs based on continuation-passing style
(CPS) translations [11,13]. The CPS approach consists in proving a CPS-based
correspondence between the bisimilarity $\mathcal{R}_1$ we want to prove sound
and a relation $\mathcal{R}_2$ that we already know is a congruence. Because CPS
translations are usually themselves compatible, we can then conclude that
$\mathcal{R}_1$ is a congruence. For example, for the λ-calculus, Lassen proved
a CPS-correspondence between the eager normal form bisimilarity and the Böhm
trees equivalence [11].

Because shift and reset have been originally defined in terms of CPS [6], one
can expect the CPS approach to be successful. However, the CPS translation of
shift and reset assumes that $\lambda_{\mathcal{S}}$ terms are executed within
an outermost reset, and therefore they cannot evaluate to a control stuck term.
For the normal form bisimilarity to be sound w.r.t. CPS, we would have to
restrict its definition to terms of the form $\langle t \rangle$. This does not
seem possible while keeping Definition 5 without quantification over contexts.
For example, to relate values $v_0$ and $v_1$, we would have to execute
$v_0 \star x$ and $v_1 \star x$ (where $x$ is fresh) under reset. However,
requiring simply $\langle v_0 \star x \rangle$ and $\langle v_1 \star x \rangle$
to be related would be unsound; such a definition would relate
$\lambda y.\mathcal{S}k.k\,y$ and $\lambda y.\mathcal{S}k.(\lambda z.z)\,y$,
which can be distinguished by the context
$\langle \square\;(\lambda z.z)\;\Omega \rangle$. To be sound, we would have to
require $\langle E[v_0 \star x] \rangle$ to be related to
$\langle E[v_1 \star x] \rangle$ for every $E$: we then introduce a
quantification over contexts that we want to avoid in the first place. Because
normal forms may contain control stuck terms as sub-terms, normal form
bisimilarity has to be able to handle them, and, therefore, it cannot be
restricted to terms of the form $\langle t \rangle$ only.

Since CPS cannot help us in proving congruence, we follow a more direct
approach, by relying on a context closure. Given a relation $\mathcal{R}$, we
define its substitutive, reflexive, and context closure $\hat{\mathcal{R}}$ by
the rules of Fig. 1. The main lemma of the congruence proof is then as follows:

Lemma 4. If $\mathcal{R}$ is a normal form bisimulation, then so is
$\hat{\mathcal{R}}$.

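More precisely, we prove that if $t_0 \mathrel{\hat{\mathcal{R}}} t_1$ and $t_0$
evaluates to some normal form $t_0'$ in $m$ steps, then $t_1$ evaluates to a
normal form $t_1'$ such that
$t_0' \mathrel{\hat{\mathcal{R}}^{\mathrm{NF}}} t_1'$. The proof is by nested
induction on $m$ and on the definition of $\hat{\mathcal{R}}$; it can be found
in Appendix A. Congruence of $\approx$ then follows immediately.

$$\frac{t_0 \mathrel{\mathcal{R}} t_1}{t_0 \mathrel{\hat{\mathcal{R}}} t_1} \qquad \frac{}{t \mathrel{\hat{\mathcal{R}}} t} \qquad \frac{t_0 \mathrel{\hat{\mathcal{R}}} t_1 \quad v_0 \mathrel{\hat{\mathcal{R}}} v_1}{t_0\{v_0/x\} \mathrel{\hat{\mathcal{R}}} t_1\{v_1/x\}} \qquad \frac{t_0 \mathrel{\hat{\mathcal{R}}} t_1 \quad F_0 \mathrel{\hat{\mathcal{R}}} F_1}{F_0[t_0] \mathrel{\hat{\mathcal{R}}} F_1[t_1]}$$

$$\frac{t_0 \mathrel{\hat{\mathcal{R}}} t_1}{\lambda x.t_0 \mathrel{\hat{\mathcal{R}}} \lambda x.t_1} \qquad \frac{t_0 \mathrel{\hat{\mathcal{R}}} t_1}{\mathcal{S}k.t_0 \mathrel{\hat{\mathcal{R}}} \mathcal{S}k.t_1}$$

Fig. 1: Substitutive, reflexive, and context closure of a relation $\mathcal{R}$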

Corollary 1. The relation $\approx$ is a congruence.

We can then easily prove that $\approx$ is sound w.r.t. contextual equivalence.

Theorem 1. We have $\approx\, \subseteq\, \approx_c$.

The following counter-example shows that the inclusion is in fact strict; normal
form bisimilarity is not complete.

Proposition 1. Let $i = \lambda y.y$. We have
$\langle (x\,i)\;\mathcal{S}k.i \rangle \approx_c \langle (x\,i)\;((x\,i)\;\mathcal{S}k.i) \rangle$,
but
$\langle (x\,i)\;\mathcal{S}k.i \rangle \not\approx \langle (x\,i)\;((x\,i)\;\mathcal{S}k.i) \rangle$.

Proof. Replacing $x$ by a closed value $v$, we get
$\langle (v\,i)\;\mathcal{S}k.i \rangle$ and
$\langle (v\,i)\;((v\,i)\;\mathcal{S}k.i) \rangle$, which both evaluate to $i$
if the evaluation of $(v\,i)$ terminates (otherwise, they both diverge). With
this observation, it is easy to prove that
$\langle (x\,i)\;\mathcal{S}k.i \rangle$ and
$\langle (x\,i)\;((x\,i)\;\mathcal{S}k.i) \rangle$ are contextually equivalent.
They are not bisimilar, because the terms $\langle y\;\mathcal{S}k.i \rangle$
and $\langle y\;((x\,i)\;\mathcal{S}k.i) \rangle$ (where $y$ is fresh) are not
bisimilar: the former evaluates to $i$ while the latter is in normal form (but
is not a value). □

4 Refined Bisimilarity and Up-to Techniques

In this section, we propose an improvement of the definition of normal form 
bisimilarity, and we discuss some proof techniques which aim at simplifying 
equivalence proofs. 

4.1 Refined Bisimilarity 

Normal form bisimilarity could better deal with control stuck terms. To
illustrate this, consider the following terms.

Proposition 2. Let $i = \lambda x.x$. We have
$\mathcal{S}k.i \approx_c (\mathcal{S}k.i)\;\Omega$, but
$\mathcal{S}k.i \not\approx (\mathcal{S}k.i)\;\Omega$.

Proof. If $\mathcal{S}k.i$ and $(\mathcal{S}k.i)\;\Omega$ are put within a pure
context, then we obtain two control stuck terms, and if we put these two terms
within a context $F[\langle E \rangle]$, then they both reduce to $F[i]$.
Therefore, $\mathcal{S}k.i$ and $(\mathcal{S}k.i)\;\Omega$ are contextually
equivalent. They are not normal form bisimilar, since the contexts $\square$ and
$\square\;\Omega$ are not bisimilar ($x$ converges while $x\;\Omega$ diverges).
□

When comparing control stuck terms, normal form bisimilarity considers contexts
and shift bodies separately, while they are combined if the control stuck terms
are put under a reset and the capture goes through. To fix this issue, we
consider another notion of bisimulation. Given a relation $\mathcal{R}$ on
terms, we define $\mathcal{R}^{\mathrm{RNF}}$ on normal forms, which is defined
the same way as $\mathcal{R}^{\mathrm{NF}}$ on values and open stuck terms, and
is defined on control stuck terms as follows:

$$\frac{\langle t_0\{\lambda x.\langle k'\;E_0[x] \rangle/k\} \rangle \mathrel{\mathcal{R}} \langle t_1\{\lambda x.\langle k'\;E_1[x] \rangle/k\} \rangle \quad k', x \text{ fresh}}{E_0[\mathcal{S}k.t_0] \mathrel{\mathcal{R}^{\mathrm{RNF}}} E_1[\mathcal{S}k.t_1]}$$

Definition 6. A relation $\mathcal{R}$ on terms is a refined normal form
simulation if $t_0 \mathrel{\mathcal{R}} t_1$ and $t_0 \Downarrow_v t_0'$
implies $t_1 \Downarrow_v t_1'$ and
$t_0' \mathrel{\mathcal{R}^{\mathrm{RNF}}} t_1'$. A relation $\mathcal{R}$ is a
refined normal form bisimulation if both $\mathcal{R}$ and $\mathcal{R}^{-1}$
are refined normal form simulations. Refined normal form bisimilarity, written
$\dot\approx$, is the largest refined normal form bisimulation.

In the control stuck terms case, Definition 6 simulates the capture of $E_0$
(respectively $E_1$) by $\mathcal{S}k.t_0$ (respectively $\mathcal{S}k.t_1$).
However, if $t_0$ is put into a context $\langle E \rangle$, then
$\mathcal{S}k.t_0$ captures a context bigger than $E_0$, namely $E[E_0]$. We
take such possibility into account by using a variable $k'$ in the definition of
$\mathcal{R}^{\mathrm{RNF}}$, which represents the context that can be captured
beyond $E_0$ and $E_1$.

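Refined bisimilarity contains the regular bisimilarity.

Proposition 3. We have $\approx\, \subseteq\, \dot\approx$.

Indeed, for control stuck terms, we have
$t_0 \Downarrow_v E_0[\mathcal{S}k.t_0']$,
$t_1 \Downarrow_v E_1[\mathcal{S}k.t_1']$, $E_0 \approx E_1$, and
$\langle t_0' \rangle \approx \langle t_1' \rangle$. Because $\approx$ is a
congruence (Corollary 1), it is easy to see that
$\langle t_0'\{\lambda x.\langle k'\;E_0[x] \rangle/k\} \rangle \approx \langle t_1'\{\lambda x.\langle k'\;E_1[x] \rangle/k\} \rangle$
holds for fresh $k'$ and $x$. Therefore, $\approx$ is a refined bisimulation,
and is included in $\dot\approx$. The inclusion is strict, because $\dot\approx$
relates the terms of Proposition 2, while $\approx$ does not.

Proving that $\dot\approx$ is sound requires some adjustments to the congruence
proof of $\approx$. First, given a relation $\mathcal{R}$ on terms, we define
its substitutive, bisimilar, and context closure $\ddot{\mathcal{R}}$ by
extending the rules of Fig. 1 with the following one.

$$\frac{t_0 \mathrel{\dot\approx} t_0' \quad t_0' \mathrel{\ddot{\mathcal{R}}} t_1' \quad t_1' \mathrel{\dot\approx} t_1}{t_0 \mathrel{\ddot{\mathcal{R}}} t_1}$$

Henceforth, we simply write $\dot\approx\ddot{\mathcal{R}}\dot\approx$ for the
composition of the three relations. Our goal is to prove that
$\ddot{\dot\approx}$ is a refined bisimilarity. To this end, we need a few
lemmas.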

Lemma 5. If $x \notin \mathrm{fv}(E)$, then $(\lambda x.E[x])\;t \approx E[t]$.

One can prove that
$\{((\lambda x.E[x])\;t, E[t]),\ x \notin \mathrm{fv}(E)\} \cup \{(t, t)\}$ is a
bisimulation, by a straightforward case analysis on the result of the evaluation
of $t$ (if it exists). Note that Lemma 5, known as the $\beta_\Omega$ axiom in
[8], has also been proved in [4] using applicative bisimulation. We can see that
the proof is much simpler using normal form bisimulation. With Lemma 5,
congruence of $\approx$, and Proposition 3, we then prove the following result.

Lemma 6. If $x \notin \mathrm{fv}(E_0) \cup \mathrm{fv}(E_1)$ and
$y \notin \mathrm{fv}(E_1)$ then
$\langle t\{\lambda x.\langle E_1[E_0[x]] \rangle/k\} \rangle \mathrel{\dot\approx} \langle t\{\lambda x.\langle (\lambda y.E_1[y])\;E_0[x] \rangle/k\} \rangle$.

The main lemma of the congruence proof of $\dot\approx$ is as follows.

Lemma 7. If $\mathcal{R}$ is a refined bisimulation, then so is
$\ddot{\mathcal{R}}$.

The proof is an adaptation of the proof of Lemma 4. We sketch one sub-case of
the proof, to illustrate why we need $\ddot{\mathcal{R}}$ (instead of
$\hat{\mathcal{R}}$) and Lemma 6.

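Proof (Sketch). Assume we are in the case where
$E_0[t_0] \mathrel{\ddot{\mathcal{R}}} E_1[t_1]$ with
$E_0[y] \mathrel{\ddot{\mathcal{R}}} E_1[y]$ for a fresh $y$, and
$t_0 \mathrel{\ddot{\mathcal{R}}} t_1$. Moreover, suppose
$t_0 \Downarrow_v E_0'[\mathcal{S}k.t_0']$. Then by the induction hypothesis, we
know that there exist $E_1'$, $t_1'$ such that
$t_1 \Downarrow_v E_1'[\mathcal{S}k.t_1']$, and
$\langle t_0'\{\lambda x.\langle k'\;E_0'[x] \rangle/k\} \rangle \mathrel{\ddot{\mathcal{R}}} \langle t_1'\{\lambda x.\langle k'\;E_1'[x] \rangle/k\} \rangle$
(*) for a fresh $k'$. Hence, we have
$E_0[t_0] \Downarrow_v E_0[E_0'[\mathcal{S}k.t_0']]$ and
$E_1[t_1] \Downarrow_v E_1[E_1'[\mathcal{S}k.t_1']]$, and we want to prove that
$\langle t_0'\{\lambda x.\langle k'\;E_0[E_0'[x]] \rangle/k\} \rangle \mathrel{\ddot{\mathcal{R}}} \langle t_1'\{\lambda x.\langle k'\;E_1[E_1'[x]] \rangle/k\} \rangle$
holds. Because $E_0[y] \mathrel{\ddot{\mathcal{R}}} E_1[y]$, we have
$\lambda y.k'\;E_0[y] \mathrel{\ddot{\mathcal{R}}^{\mathrm{RNF}}} \lambda y.k'\;E_1[y]$
(**). Using (*) and (**), we obtain

$$\langle t_0'\{\lambda x.\langle (\lambda y.k'\;E_0[y])\;E_0'[x] \rangle/k\} \rangle \mathrel{\ddot{\mathcal{R}}} \langle t_1'\{\lambda x.\langle (\lambda y.k'\;E_1[y])\;E_1'[x] \rangle/k\} \rangle,$$

because $\ddot{\mathcal{R}}$ is substitutive. By Lemma 6, we know that

$$\langle t_0'\{\lambda x.\langle k'\;E_0[E_0'[x]] \rangle/k\} \rangle \mathrel{\dot\approx} \langle t_0'\{\lambda x.\langle (\lambda y.k'\;E_0[y])\;E_0'[x] \rangle/k\} \rangle$$
$$\langle t_1'\{\lambda x.\langle k'\;E_1[E_1'[x]] \rangle/k\} \rangle \mathrel{\dot\approx} \langle t_1'\{\lambda x.\langle (\lambda y.k'\;E_1[y])\;E_1'[x] \rangle/k\} \rangle,$$

which means that
$\langle t_0'\{\lambda x.\langle k'\;E_0[E_0'[x]] \rangle/k\} \rangle \mathrel{\dot\approx\ddot{\mathcal{R}}\dot\approx} \langle t_1'\{\lambda x.\langle k'\;E_1[E_1'[x]] \rangle/k\} \rangle$
holds. The required result then holds because
$\dot\approx\ddot{\mathcal{R}}\dot\approx\, \subseteq \ddot{\mathcal{R}}$. □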

We can then conclude that $\dot\approx$ is a congruence, and is sound w.r.t.
$\approx_c$.

Corollary 2. The relation $\dot\approx$ is a congruence.

Theorem 2. We have $\dot\approx\, \subseteq\, \approx_c$.

The inclusion is strict, because the terms of Proposition 1 are still not
related by $\dot\approx$.

We would like to stress that even though $\dot\approx$ equates more contextually
equivalent terms than $\approx$, the latter is still useful, since it leads to
very simple proofs of equivalence, as we can see with Lemma 5 (and with the
examples of Section 5). Therefore, $\dot\approx$ does not disqualify $\approx$
as a proof technique.

4.2 Up-to Techniques

The idea behind up-to techniques [18,9,17] is to define relations that are not
exactly bisimulations but are included in bisimulations. It usually leads to
definitions of simpler candidate relations and to simpler bisimulation proofs.
As pointed out in [9], using a direct approach to prove congruence of the normal
form bisimilarity (as in Sections 3.2 and 4.1) makes up-to techniques based on
the context closure easy to define and to prove valid. For example, we define
bisimulation up to substitutive, reflexive, and context closure (in short, up to
context) as follows.

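Definition 7. A relation $\mathcal{R}$ on terms is a simulation up to context if
$t_0 \mathrel{\mathcal{R}} t_1$ and $t_0 \Downarrow_v t_0'$ implies
$t_1 \Downarrow_v t_1'$ and
$t_0' \mathrel{\hat{\mathcal{R}}^{\mathrm{NF}}} t_1'$. A relation $\mathcal{R}$
is a bisimulation up to context if both $\mathcal{R}$ and $\mathcal{R}^{-1}$ are
simulations up to context.

Similarly, we can define a notion of refined bisimulation up to context by
replacing $\hat{\mathcal{R}}^{\mathrm{NF}}$ by
$\ddot{\mathcal{R}}^{\mathrm{RNF}}$ in the above definition. The proofs of
Lemmas 4 and 7 can easily be adapted to bisimulations up to context; a trivial
change is needed only in the inductive case where
$t_0 \mathrel{\hat{\mathcal{R}}} t_1$ (respectively
$t_0 \mathrel{\ddot{\mathcal{R}}} t_1$) comes from
$t_0 \mathrel{\mathcal{R}} t_1$.

Lemma 8. If $\mathcal{R}$ is a bisimulation up to context, then
$\hat{\mathcal{R}}$ is a bisimulation. If $\mathcal{R}$ is a refined
bisimulation up to context, then $\ddot{\mathcal{R}}$ is a refined bisimulation.

Consequently, if $\mathcal{R}$ is a bisimulation up to context, and if
$t_0 \mathrel{\mathcal{R}} t_1$, then $t_0 \approx t_1$, because
$\mathcal{R} \subseteq \hat{\mathcal{R}} \subseteq\, \approx$.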

Example 5. We can simplify the proof of bisimilarity between Turing's fixed
point combinator and its delimited-control variant (cf. Example 4); indeed, it
is enough to prove that
$\mathcal{R} = \{(\theta\,\theta, \langle \theta\;\mathcal{S}k.k\,k \rangle), (\theta\,\theta, (\lambda x.\langle \theta\,x \rangle)\;(\lambda x.\langle \theta\,x \rangle))\}$
is a bisimulation up to context.

When proving equivalence of terms, it is sometimes easier to reason in a 
small-step fashion instead of trying to evaluate terms completely. To allow this 
kind of reasoning, we define the following small-step notion. 

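Definition 8. A relation $\mathcal{R}$ on terms is a small-step simulation up to
context if $t_0 \mathrel{\mathcal{R}} t_1$ implies:

— if $t_0 \rightarrow_v t_0'$, then there exists $t_1'$ such that
  $t_1 \rightarrow_v^* t_1'$ and $t_0' \mathrel{\hat{\mathcal{R}}} t_1'$;

— if $t_0$ is a normal form, then there exists $t_1'$ such that
  $t_1 \Downarrow_v t_1'$ and
  $t_0 \mathrel{\hat{\mathcal{R}}^{\mathrm{NF}}} t_1'$.

A relation $\mathcal{R}$ is a small-step bisimulation up to context if both
$\mathcal{R}$ and $\mathcal{R}^{-1}$ are small-step simulations up to context.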

Similarly, we can define the refined variant. Again, it is easy to check the validity 
of these two proof techniques. 

Lemma 9. If $\mathcal{R}$ is a small-step bisimulation up to context, then $\widehat{\mathcal{R}}$ is a
bisimulation. If $\mathcal{R}$ is a refined small-step bisimulation up to context, then
$\widetilde{\mathcal{R}}$ is a refined bisimulation.

In the next section we show how these relations can be used (Proposition 5). 
5 Examples 



We now illustrate the usefulness of the relations and techniques defined in this
paper, by proving some term equivalences derived from the axiomatization of
$\lambda_{\mathcal{S}}$ [8]. The relationship between contextual equivalence and Kameyama and
Hasegawa's axioms has been studied in [4], using applicative bisimilarity. In
particular, we show that terms equated by all the axioms except for $\mathcal{S}_{\mathrm{elim}}$
($\mathcal{S}k.k\;t = t$ if $k \notin \mathrm{fv}(t)$) are applicative bisimilar. The same result can be obtained
for normal form bisimilarity, using the same candidate relations as for applicative
bisimilarity (see Propositions 1 to 4 in [4]), except for the $\beta_\Omega$ axiom, where the
equivalence proof becomes much simpler (see Lemma 5). The terms $\mathcal{S}k.k\;v$ and $v$
(equated by $\mathcal{S}_{\mathrm{elim}}$) are not (applicative or normal form) bisimilar, because the
former is control stuck while the latter is not. Conversely, there exist bisimilar
terms that are not related by the axiomatization, such as $\Omega\;\Omega$ and $\Omega$, or Curry's
and Turing's combinators (Example 4).

In this section, we propose several terms equivalences, the proofs of which are 
quite simple using normal form bisimulation, especially compared to applicative 
bisimulation. In the following, we write I for the identity bisimulation {(t,t)}. 

Proposition 4. If $x \notin \mathrm{fv}(E)$, then $E[(\lambda x.t_0)\;t_1] \approx (\lambda x.E[t_0])\;t_1$.

Proof. By showing that $\{(E[(\lambda x.t_0)\;t_1], (\lambda x.E[t_0])\;t_1),\ x \notin \mathrm{fv}(E)\} \cup I$ is a normal
form bisimulation. The proof is straightforward by case analysis on the result of
the evaluation of $t_1$ (if it exists). □

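The next example demonstrates how useful small-step relations can be.

Proposition 5. If $x \notin \mathrm{fv}(E)$, then $\langle (\lambda x.\langle E[x] \rangle)\;t \rangle \approx \langle E[t] \rangle$.

Proof. Let $\mathcal{R} = \{(\langle (\lambda x.\langle E[x] \rangle)\;t \rangle, \langle E[t] \rangle),\ x \notin \mathrm{fv}(E)\}$. We prove that
$\mathcal{R} \cup {\approx}$ is a small-step bisimulation up to context, by case analysis on $t$.

- If $t \to_v t'$, then $\langle (\lambda x.\langle E[x] \rangle)\;t \rangle \to_v \langle (\lambda x.\langle E[x] \rangle)\;t' \rangle$,
  $\langle E[t] \rangle \to_v \langle E[t'] \rangle$, and we have
  $\langle (\lambda x.\langle E[x] \rangle)\;t' \rangle \mathrel{\mathcal{R}} \langle E[t'] \rangle$, as required.

- If $t = v$, then $\langle (\lambda x.\langle E[x] \rangle)\;v \rangle \to_v \langle \langle E[v] \rangle \rangle$. We have proved in Example 3
  that $\langle \langle E[v] \rangle \rangle \approx \langle E[v] \rangle$.

- If $t = F[y\;v]$, then we have to relate $\langle (\lambda x.\langle E[x] \rangle)\;F \rangle$ and $\langle E[F] \rangle$ (we clearly
  have $v \approx^{\mathrm{NF}} v$). If $F = F'[\langle E' \rangle]$, then we have
  $\langle (\lambda x.\langle E[x] \rangle)\;F'[z] \rangle \mathrel{\mathcal{R}} \langle E[F'[z]] \rangle$
  and $\langle E'[z] \rangle \approx \langle E'[z] \rangle$ for a fresh $z$. If $F = E'$, then
  $\langle (\lambda x.\langle E[x] \rangle)\;E'[z] \rangle \mathrel{\mathcal{R}} \langle E[E'[z]] \rangle$ holds for a fresh $z$.

- If $t = E'[\mathcal{S}k.t']$, then
  $\langle (\lambda x.\langle E[x] \rangle)\;t \rangle \to_v \langle t'\{\lambda y.\langle (\lambda x.\langle E[x] \rangle)\;E'[y] \rangle/k\} \rangle$, and
  $\langle E[t] \rangle \to_v \langle t'\{\lambda y.\langle E[E'[y]] \rangle/k\} \rangle$. We have
  $\langle (\lambda x.\langle E[x] \rangle)\;E'[y] \rangle \mathrel{\mathcal{R}} \langle E[E'[y]] \rangle$, therefore
  $\langle t'\{\lambda y.\langle (\lambda x.\langle E[x] \rangle)\;E'[y] \rangle/k\} \rangle \mathrel{\widehat{\mathcal{R}}} \langle t'\{\lambda y.\langle E[E'[y]] \rangle/k\} \rangle$
  holds, as wished. □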

Without using small-step bisimulation, the definition of $\mathcal{R}$ as well as the
bisimulation proof would be much more complex, since we would have to compute the
results of the evaluations of $\langle (\lambda x.\langle E[x] \rangle)\;t \rangle$ and of $\langle E[t] \rangle$, which is particularly
difficult if $t$ is a control stuck term.
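
The reducer below is an added example, not code from the paper. It implements the three reduction rules of the calculus ($\beta_v$, capture by shift, removal of a reset around a value), classifies normal forms as value, control stuck or open stuck, and runs one constructed instance of Proposition 5 with $E = (\lambda z.z)\;\square$ and $t = \mathcal{S}k.k\;b$. The tuple encoding, the function names and the naive substitution (bound names assumed distinct from the free names of substituted values) are assumptions of the example.

```python
import itertools

# Terms (tuples): ("var", x), ("lam", x, t), ("app", t0, t1), ("shift", k, t), ("reset", t)
_fresh = itertools.count()

def is_value(t):
    return t[0] in ("var", "lam")

def subst(t, x, v):
    """t{v/x}. Assumption: bound names never clash with free names of v."""
    if t[0] == "var":
        return v if t[1] == x else t
    if t[0] in ("lam", "shift"):
        return t if t[1] == x else (t[0], t[1], subst(t[2], x, v))
    if t[0] == "app":
        return ("app", subst(t[1], x, v), subst(t[2], x, v))
    return ("reset", subst(t[1], x, v))

def split(t):
    """View t as E[Sk.body] with E a pure context: (plug, k, body) or None."""
    if t[0] == "shift":
        return (lambda h: h), t[1], t[2]
    if t[0] != "app":
        return None
    _, t0, t1 = t
    if not is_value(t0):  # E = E' t1
        return (r := split(t0)) and ((lambda h: ("app", r[0](h), t1)), r[1], r[2])
    return (r := split(t1)) and ((lambda h: ("app", t0, r[0](h))), r[1], r[2])  # E = v E'

def step(t):
    """One ->v step of t, or None when t is a normal form."""
    if t[0] == "app":
        _, t0, t1 = t
        if not is_value(t0):
            return (s := step(t0)) and ("app", s, t1)
        if not is_value(t1):
            return (s := step(t1)) and ("app", t0, s)
        # beta_v, or an open stuck term when the head is a variable
        return subst(t0[2], t0[1], t1) if t0[0] == "lam" else None
    if t[0] == "reset":
        body = t[1]
        if is_value(body):  # <v> -> v
            return body
        if r := split(body):  # <E[Sk.t]> -> <t{\y.<E[y]>/k}>
            plug, k, tk = r
            y = f"y{next(_fresh)}"  # assumed unused in the input terms
            return ("reset", subst(tk, k, ("lam", y, ("reset", plug(("var", y))))))
        return (s := step(body)) and ("reset", s)
    return None  # values and a bare Sk.t do not reduce

def normalize(t, fuel=1000):
    while (s := step(t)) is not None:
        t, fuel = s, fuel - 1
        if fuel == 0:
            raise RuntimeError("no normal form within the step budget")
    return t

def classify(t):
    """Kind of normal form that t evaluates to."""
    n = normalize(t)
    if is_value(n):
        return "value"
    return "control-stuck" if split(n) else "open-stuck"  # E[Sk.t] or F[x v]

# Constructed sample terms: E = (\z.z) [] and t = Sk.k b, so x is not free in E.
ID = ("lam", "z", ("var", "z"))
SHIFT = ("shift", "k", ("app", ("var", "k"), ("var", "b")))
LHS = ("reset", ("app", ("lam", "x", ("reset", ("app", ID, ("var", "x")))), SHIFT))
RHS = ("reset", ("app", ID, SHIFT))
```

Both sides reaching the same normal form checks this one instance only; the proposition itself rests on the bisimulation proof above.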

For the next example, we have to use refined bisimilarity. 
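Proposition 6. If $k' \notin \mathrm{fv}(E) \cup \mathrm{fv}(t)$ and $x \notin \mathrm{fv}(E)$, then we have
$E[\mathcal{S}k.t] \mathrel{\dot\approx} \mathcal{S}k'.t\{\lambda x.\langle k'\;E[x] \rangle/k\}$.

Proof. The two terms are control stuck terms, therefore, we have to prove
$\langle t\{\lambda x.\langle k''\;E[x] \rangle/k\} \rangle \mathrel{\dot\approx} \langle t\{\lambda x.\langle (\lambda y.\langle k''\;y \rangle)\;E[x] \rangle/k\} \rangle$ for a fresh $k''$. We know
that $\langle k''\;E[x] \rangle \approx \langle (\lambda y.\langle k''\;y \rangle)\;E[x] \rangle$ holds by Proposition 5. Consequently, we
have $\langle k''\;E[x] \rangle \mathrel{\dot\approx} \langle (\lambda y.\langle k''\;y \rangle)\;E[x] \rangle$ by Proposition 3. We can then conclude by
congruence of $\dot\approx$. □

Without Proposition 5, we would have to prove $\langle k''\;E[x] \rangle \mathrel{\dot\approx} \langle (\lambda y.\langle k''\;y \rangle)\;E[x] \rangle$
directly, using a small-step refined bisimulation up to context. Proving Proposition 6
with the regular normal form bisimilarity would require us to equate $E[y]$
and $y$ (where $y$ is fresh), which is not possible if $E = (\lambda z.\Omega)\;\square$.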

6 Conclusion 

In this paper, we propose several normal form bisimilarities and up-to techniques
for a λ-calculus with shift and reset, and we demonstrate their usefulness 
on a number of examples. Proving equivalences of terms with the regular normal 
form bisimilarity generates minimal proof obligations, especially when used in 
conjunction with (small-step) up-to context techniques. If the regular bisimilar- 
ity fails to relate the tested terms, then the refined bisimilarity can be of help. 
If they both fail, then we may have to use the applicative bisimilarity [4], which, 
unlike the bisimilarities of this paper, is complete. 

We believe this work can easily be adapted to other delimited-control operators
as well as the CPS hierarchy [6]. It might also be interesting to extend this
work to the typed setting. Another possible future work would be to define
environmental bisimulations [17] for $\lambda_{\mathcal{S}}$. When comparing two terms, environmental
relations use an additional component, the environment, which represents the
current knowledge of the observer. For example, in the pure λ-calculus, when
two tested terms reduce to values, they become known to the observer and are
added to the environment. The observer can then challenge two λ-abstractions
by applying them to two related arguments built from the environment.
Environmental bisimilarities are usually sound and complete, and also allow for up-to
techniques. 

Another issue is to find a characterization of contextual equivalence for
λ-calculi with abortive control operators. Normal form bisimilarities have been
defined for extensions of the λμ-calculus [13], but they are usually not complete,
except in the presence of a store construct [19]. It might be possible to reach
completeness with applicative or environmental bisimilarities. 

Acknowledgments: We thank Malgorzata Biernacka and the anonymous referees 
for insightful comments on the presentation of this work. 
A Soundness Proof 



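Lemma 10. If $t \to_v t'$ then $t\{v/x\} \to_v t'\{v/x\}$.

Proof. We proceed by case analysis on $t \to_v t'$.
Suppose $F[(\lambda y.t_0)\;v_0] \to_v F[t_0\{v_0/y\}]$. We have

$$t\{v/x\} = F\{v/x\}[(\lambda y.t_0\{v/x\})\;v_0\{v/x\}] \to_v F\{v/x\}[t_0\{v/x\}\{v_0\{v/x\}/y\}] = t'\{v/x\},$$

as required.

Suppose $F[\langle E_0[\mathcal{S}k.t_0] \rangle] \to_v F[\langle t_0\{\lambda y.\langle E_0[y] \rangle/k\} \rangle]$. We have

$$t\{v/x\} = F\{v/x\}[\langle E_0\{v/x\}[\mathcal{S}k.t_0\{v/x\}] \rangle] \to_v F\{v/x\}[\langle t_0\{v/x\}\{\lambda y.\langle E_0\{v/x\}[y] \rangle/k\} \rangle] = t'\{v/x\},$$

as required.

Suppose $F[\langle v_0 \rangle] \to_v F[v_0]$. We have

$$t\{v/x\} = F\{v/x\}[\langle v_0\{v/x\} \rangle] \to_v F\{v/x\}[v_0\{v/x\}],$$

as required. □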

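Lemma 11. Let $\mathcal{R}$ be a bisimulation.

- If $F_0[x\;v_0] \mathrel{\widehat{\mathcal{R}}^{\mathrm{NF}}} F_1[x\;v_1]$ then $F_0[x\;v_0] \mathrel{\widehat{\mathcal{R}}} F_1[x\;v_1]$ (and similarly for $\widetilde{\mathcal{R}}$).

- If $\lambda x.t_0 \mathrel{\widehat{\mathcal{R}}^{\mathrm{NF}}} \lambda x.t_1$ then $t_0 \mathrel{\widehat{\mathcal{R}}} t_1$ (and similarly for $\widetilde{\mathcal{R}}$).

Proof. The relation $F_0[x\;v_0] \mathrel{\widehat{\mathcal{R}}^{\mathrm{NF}}} F_1[x\;v_1]$ implies $F_0 \mathrel{\widehat{\mathcal{R}}} F_1$ and
$v_0 \mathrel{\widehat{\mathcal{R}}^{\mathrm{NF}}} v_1$. We have $x\;y \mathrel{\widehat{\mathcal{R}}} x\;y$ for a fresh $y$, therefore we have
$F_0[x\;y] \mathrel{\widehat{\mathcal{R}}} F_1[x\;y]$, which in turn implies $F_0[x\;v_0] \mathrel{\widehat{\mathcal{R}}} F_1[x\;v_1]$.

The second item is easy by definition of $\lambda x.t_0 \mathrel{\widehat{\mathcal{R}}^{\mathrm{NF}}} \lambda x.t_1$. □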

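Lemma 12 (Lemma 4 in the paper). If $\mathcal{R}$ is a bisimulation, then $\widehat{\mathcal{R}}$ is a
bisimulation.

Proof. Because $\widehat{\mathcal{R}}$ is symmetric, we only have to prove that it is a simulation.
We consider $t_0 \mathrel{\widehat{\mathcal{R}}} t_1$ with $t_0$ evaluating in $m$ steps; we prove that $t_1$ evaluates
to a term related by $\widehat{\mathcal{R}}^{\mathrm{NF}}$ by induction on $m$, and on the derivation of
$t_0 \mathrel{\widehat{\mathcal{R}}} t_1$, ordered lexicographically. The case $m = 0$ is easy by induction on
$t_0 \mathrel{\widehat{\mathcal{R}}} t_1$; we treat only the general case $m > 0$. Note that the cases
$\lambda x.t_0 \mathrel{\widehat{\mathcal{R}}} \lambda x.t_1$ with $t_0 \mathrel{\widehat{\mathcal{R}}} t_1$ and
$\mathcal{S}k.t_0 \mathrel{\widehat{\mathcal{R}}} \mathcal{S}k.t_1$ with $t_0 \mathrel{\widehat{\mathcal{R}}} t_1$ are not treated here since they are part of the
base case.

Assume we have $t_0 \mathrel{\mathcal{R}} t_1$. This case is easy because $\mathcal{R}$ is a bisimulation and
$\mathcal{R} \subseteq \widehat{\mathcal{R}}$. The case $t_0 \mathrel{\widehat{\mathcal{R}}} t_0$ is also easy.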
Assume to{vQ/x} TZ ti{vi/x} with Iq TZ ti and Vq TZ Vi. We suppose first that 
to{vo/x} JJ-v ^^0- We have two cases to consider. 

— If to ll-v ' then v'q = Vq{vo/x} by Lemma 10. By the induction hypothesis, 

there exists v'-[ such that ti v", and Vq TZ v'( holds. By Lemma 10, 

we have ti{vi/x} Jj-v v'({vi/x}, and we also have Vq{vq/x} TZ v'-[{vi/x}, 
hence the result holds. 

— Suppose to D-v Fo[xvq] with Fo{vo/x}[vo Vq{vo/x}] J|v Vq- By the induction 
hypothesis, there exist Fi , v'{ such that t\ -(J-v -Fj [x v'{\ , Fg TZ Fi, and 

-^NF 

Vq TZ v'{. Because Fo{va/x}[vQ v'^^{vq/x}] evaluates to a value, vq must 

^NF 

be a λ-abstraction = ^V-to- Assume vi is a variable y. Since vq TZ vi, 
we have vq * z TZ y z for a fresh z; because y 2; is in normal form, we can 
apply the induction hypothesis with m = 0. There exist Eg' , v'q such that 

vo * z il-v Eo'lyv'^], Eo'[x'] TZ x' for a fresh a;', and Vq TZ z. Consequently, 
we have 

Fo{vo/x}[vo v'^{vo/x}] Fo{vo/x}[Eo'{v'^{vo/x}/z}[yv'^{v'^{vo/x}/z}]], 

which is in contradiction with Fo{vo/x}[vo Vq{vo/x);] -(J-v v'q. Therefore, vi 

must be a λ-abstraction \y.t'^. 

By Lemma 11, we have t^ TZ t[. The reductions 

Fo{vo/x}[voVq{vo/x}] Fo{vo/x}[to{vo{vQ/x}/y}] 

and 

Fi{vi/x}[v, v'l{vi/x}] Fi{vjx}[t[{v'{{vi/x}/y}] 

hold. Because Fo{vo/x}[t'o{v'^{vo/x}/y}] TZ Fi{vi/x}[t[{v'{{vi/x}/y}], and 
Fo{vo/x}[tQ{v[^{vo/x}/y}] evaluates to v'q in less than m — 1 steps, we 
can apply the induction hypothesis. Therefore, there exists v'^ such that 

^NF 

Fi{vi/x}\t'i{v'{{vi/x}/y}\ JJ-v v'l and v'q TZ v'-y. One can check that we 
have t\{vi/x} JJ-v v[, hence the result holds. 

The case to{vQ/x} JJ-v Eo[Sk.t'Q] is treated similarly. Suppose to{vQ/x} J|v 
Po[v with y ^ X. We have two possible cases. The case to JJ-v Fo'[y Vq] is 
similar to the case to{wo/a;} JJ-v with to -(l-v vq. Suppose to JJ-v Fo'[x Vq] with 
Fo' {vo/x}[voVq{vo/x}\ J|v Fo[yvQ\. By the induction hypothesis, there exist Fi , 

v'( such that ti ||-v Fi'[xv'{\, Fg' TZ F/, and w^,' v'{. If both vq and vi are λ-abstractions,
then we proceed as in the case to{vQ/x} JJ-v v'q with t^ Jj-v Fo[xv'fP\. 
If both vq and vi are variables, then we must have vq = vi = y, and the required 
result holds. Suppose vq is a variable and vi is a λ-abstraction (the symmetric 
case is treated similarly). Then we must have vq = y, Fq = Fo'{vo/x}, and v'q = 

^NF ^ 

v'q{vo/x}. Because vq TZ vi, we have y z TZ vi * z for a fresh z, so by the induc- 
tion hypothesis (case m = 0) there exist E^' , v'{' such that Vi -k z Ei'[y v'('], 

Ei'[x'] TZ x' for a fresh x' , and v'{' TZ z. Consequently, we have t\{vi/x} -O-v 
Fi'{vo/x}[Ei'{v'{{vi/x}/z}[yv'('{v'l{vi/x}lz)]]. From the relations Fg' U F/ 
and x' n. Ei'[x'], we deduce Fo'{vo/x} H Fi'{vo/x}[Ei'{v'l{vi/x}/z}]. From 

^NF ^NF ^NF 

Vq TZ v'-l and z TZ v"', we deduce Vq{vo/x} TZ v"'{v'-[{vi/x}/z}. Conse- 
quently we have the required result. 

Assume Eg [to] TZ Ei \t-i\ with t^ IZ t\ and Eg [x] TZ Eg [x] for a fresh x. Suppose 
■E'o[io] J|v vq. Then to JJ-v Wg and Eo[v'^] J|v '^'o- By the induction hypothesis, there 

^NF 

exists v'l such that ti JJ-v w'l, and ?;q TZ v[. Because -Ef^Uo] -IJ-v: there exists a 
normal form tg such that i?o[a;] t'o- By the induction hypothesis, there exists 

NF 

a normal form t'l such that Ei [x] JJ-v t[ and TZ t[. By Lemma 10, we have 

Eo [to] t'„{v'Jx} and Ei [t^] t[{v[/x}. Suppose Eg [to] reduces to f'a{v'Jx} 

in at least one step. Then tQ{vQ/x} evaluates to vo in strictly less than ni steps. 

The normal form is either a value or an open stuck term. If t^ is a value, 

^NF ^ 
then t[{v[/x} is also a value. From t'^ TZ t[ and substitutivity of TZ, we can 

prove that t[,{v'f^/x} TZ t'i{v[/x} holds, as wished. If tg an open stuck term, 
then so is t'l, and t'(^{vQ/x} TZ ti{v'i/x} holds by Lemma 11 and substitutivity 
of TZ. By the induction hypothesis, there exists vi such that t[{v[/x} JJ-v Vi, 

^NF 

and Vo TZ vi. One can check that Ej [ti] Jj-v wi, hence we have the required 
result. Suppose now that Eo[to] = tQ{uQ/x}. It is possible only if to — Vq and 
Eo[x] = Eo'[xv'^]. Then we have t[ = E/[xv'l] with Eo'[x'] TZ E/[x'] for a fresh 

x' and Vq TZ v'{. Because Eo'[vq Vq] evaluates to vq, must be λ-abstraction 
Az.tp. By a similar reasoning as in the case to{vo/x} JJ-v v'o (second sub-case), v[ 
is also a λ-abstraction Xz.t". By Lemma 11, we have t^ TZ t'(. Therefore we have 
Eo[to] Eo'[t'i{v'i/z}] and Ei[t^] ->* Ei'[t'i{v'{ / z}]. From v'^ TZ^ <, we 
obtain Eo'[t'i!^{v'i / z}\ TZ Ei'[t'({v'{ / z}] by substitutivity. Because Eo'[t'i{v't^ / z}] 
evaluates to vo in less than m — 1 steps, by the induction hypothesis (on m), 

there exists v\ such that Ei'[t'l{v'{/ z}\ -IJ-v v\ and vqTZ v\. One can check that 

El [ti] Jj-v vi holds, hence we have the required result. 

The case Eo\to\ -D-v Eo'[Sk.t'Q\ is similar. Suppose now that Eo\to\ JJ-v Fo[yvo]- 
We have two possible cases; the case to JJ-v Fo'[y vo] is easy using induction. 
Suppose to JJ-v Vq and Eo[v'q] JJ-v Fo[y vq]. By the induction hypothesis, there 

^NF 

exists v'l such that ti J|v ^i, and v^ TZ v'-^. Because Eo{v'q] J|v, there exists a 
normal form t^ such that Eo[x] JJ-v ^q- ^^i^ induction hypothesis, there exists 

^NF 

a normal form t'^ such that Ei [x] Jj-v t'l and t'l- By Lemma 10, we have 

Eo[to] ->v i'oWo/^} ^nd £'j[ti] ^* t\{v[/x}. If .Eo[to] reduces to io{wo/x} in 
at least one step, then we proceed as in the case Eo[to] JJ-v vo- Otherwise, we 
have to = v'q, Eo[x] = Eo'[x v'^l], t[ = E/[x v'{] with Eo'[x'] TZ E/[x'] for a 

fresh x', and Vq TZ u". If both Vq and v[ are λ-abstractions, then we proceed 

as in the case Eo[to] J|v vo- If they are both variables, then v'q = v[ = y, and 
the result holds. If v'q is a variable and v[ is a λ-abstraction, then we must 
have v'q = y, Fq = Eg", and vq = Vq. Because we have y z TZ vi * z, hy the 
induction hypothesis (case m = 0), there exist Ej", v'(' such that Ui ★ 2; -l|v 

Ei"[yv'('], y' TZ Ei"[y'] for a fresh y', and z TZ v'". Consequently, we have 
El [ti] Ei'[Ei"{v'{/z}[yv'['{v1/z}]\. From Eo'[x'] TZ E/[x'] and y' TZ Ei"[y'], 

we deduce Eg' n Ei'[Ei"{v'l/z}]. From v'f^ TZ < and -fe we deduce 

Vq TZ v'{'{vi/z}. Consequently, we have the required result. 

Assume Fo[{Eo[to])] TZ Fi[{Ei[ti])] with Fo[x] TZ Fi[x], Eo[x] TZ Ei[x] (x 
fresh), and to TZ ti. Note that Fo[{Eo[tQ])] cannot evaluate to Eo'lSk.t'o]. Sup- 
pose Fo[{Eo[to])] JJ-v vo- We have several cases to consider. 

— Suppose to J|v v'q, Eo[v'f^] JJ-v "^0' ^^id Fo[{v'fl)] JJ-v wo- By the induction 
hypothesis, there exists v[ such that ti -Ij-v v[ and v'^ TZ v[. We have 
El [ti] ->■* El [v[] and Eq [v'q] TZ Ei [v[] . Because the evaluation Fq [{vq)] -H-v vq 
takes at least one step (corresponding to (wq) — t-v Vq), wc know that the eval- 
uation Eq [vq] JJ-v Vq is in m — 1 steps or less. Therefore, by the induction 

hypothesis (on m), there exists v" such that Ej [v'l] Jj-v v" and Vq TZ w". Be- 
cause Fq [{vq)] Jj-v Vq, there exists a normal form t^ such that Eg [x] JJ-v ig- By 
the induction hypothesis, there exists a normal form t'l such that Fi [x] J|v ^'i 

and t'o TZ t[. We have Fo[«)] t'„{v'(^/x} and i^j [«)] t[{v'{/x}. 
Because the reduction Fg [{vq)] -^*. t'^lvQ/x} takes at least one step, we know 
that the evaluation tQlv'^/x} ij-y vq takes m, — 1 steps or less. Besides, is 
either a value or an open stuck term. If t'^ is a value, then so is t'l, and one can 

^NF 

check that both vq = t'o{vl^/x} TZ t[{v'{/x} and Fi [{Ei [ti])] t[{v1/x} 
hold. If tQ is an open term, then so is t[, and we have t'olvQ/x} TZ t[{v"/x} 
by Lemma 11 and substitutivity. Therefore, by the induction hypothesis 

^NF 

(on m). there exists vi such that t'i{v'{/x} l^-v vi and Vo TZ vi. Because 
Fi [{El [ti])] -IJ-v vi, we have the required result. 

- Suppose to JIv v'o, Eo[v'o] Eo'[Sk.t'o\, and Fo[{Eo'[Sk.t'o])] ^^o- By the 

^NF 

induction hypothesis, there exists v{ such that ti JJ-v v[ and Vq TZ v[. 
We have Ei[ti] — fi'j Ki] and Eo[v'q] TZ Ei[v[]. Because the evaluation 
FoKEo'iSk.t'o])] JJv Vo takes at least one step (corresponding to the capture 
of Eq' by shift), we know that the evaluation Eq [v'q] JJ-v Eo'[Sk.t'Q] is in m— 1 
steps or less. Therefore, by the induction hypothesis (on m), there exists 
El', t[ such that Ei [v[] JJ-v Ei'[Sk.t[], (t'o) TZ {t[), and Eo'[y] TZ Ei'[y] for 
a fresh y. By congruence, we have Xy.{Eo'[y]) TZ Xy.{Ei'[y]), therefore, 
{t'Q{\y.{Eo'[y])/k}) TZ {t[{\y.{Ei'[y])/k}) holds by substitutivity Because 
Fo[{Eo'[Sk.t'Q])] evaluates to vq, we must have {Eo'[Sk.tQ]) JJ-v t'o; Fo[x] D-v 
tQ for some normal form t'^, and tQ{vQ/x} JJv vq. Because of the capture step 
{Eo'[Sk.t'o]) ^v {t'a{Xy.{E„'[y])/k}), we know {t'„{Xy.{Eo'[y])/k}) evaluates 
to Vq in TO— 1 steps or less. Consequently, by the induction hypothesis (on m), 

there exists v'{ such that {t[{Xy .{Ei' [y]) / k}) JJ-v v'{ and Vq TZ v'{. Because 
Fq [x] TZ Fi [x], we also know by the induction hypothesis that there exists a 
normal form t'( such that Fj [x] J|v t'l and t'^ TZ t'{. Because the reduction 
Fo[{Eo'[Sk.t'Q\)] — >■* t^lvQ/x} takes at least one step, we know that the 

evaluation tgl'^o/-^} -IJ-v vq is in m - 1 steps or less. Besides, t'^ is either a 
value or an open stuck term. If t'^ is a value, then so is t", and one can check 

that both Wo = t'aWo/x} TZ t'{{v'{/x} and Fi [{Ei [t{\)\ J|v t'l{v'(/x} hold. 
If to is an open stuck term, then so is t", and we have ^^{vq/x} TZ t'{{vi/x} 
by Lemma 11 and substitutivity. By induction (on m), there exists vi such 

^NF 

that ti{vi/x} -il-v vi and vo TZ vi. One can check that Fi [{Ei [ti])] -jj-v fi 
holds, therefore the required result holds. 
- Suppose to JJ-v Eo'[Sk.to] and Fo[{Eo[Eo'[Sk.t'Q\])] ij^ vq- This sub-case is 
similar to the previous one. 

Suppose Fo[{Eo[to])] Jj-v Fo'[yvo]. There are five sub-cases to consider: three 
of them are similar to the sub-cases of Fo[{Eo[to])] JJ-v ^^O) and the remaining two 
are similar to the sub-cases of Eo[to\ JJ-v Fo[y vo] (namely to JJ-v Fo"[y vq] with 
Fo' = Fo[{Eo[Fo"])], or to ^v v'^, EoK] Fo"[yvo] with Fg' = Fo[{Fo")]). 

□ 

Lemma 13 (Lemma 7 in the paper). If $\mathcal{R}$ is a refined bisimulation, then so
is $\widetilde{\mathcal{R}}$.

Because the proof is quite similar to the previous one, we sketch only the cases 
with the largest differences. 

Proof (Sketch). Assume to ~ ^ *i ~ *i and to J|v where is a normal 

, RNF 

form. By bisimilarity, there exists such that t^ i^y t'^ and tg ~ t'o- By the 
induction hypothesis (on the definition of TZ), there exists t" such that t\ J|v t'( 

~RNF .RNF 

and tp TZ t". By bisimilarity, there exists t[ such that ti JJ-v t[ and t'{ « t[. 

' , _ , RNF . ~ . ~ 

Finally, we have Vq (~7?.w) ti, and because k,TZ~C.TZ, we have the required 
result. 

Assume we are in the case where i?o[io] TZ Ei [ti] with Eo[y] TZ Ej [y] for a 
fresh y, and to TZ ti. Moreover, suppose to JJ-v Eo'[Sk.t'Q]. Then by the induc- 
tion hypothesis, we know that there exist Ei' , t[ such that ti JJ-v Ei'[Sk.t[], and 
{t'o{Xx.{k' Eo'[x])/k}) TZ {t[{\x.{k' Ei'[x])/k}) (*) for a fresh k'. Hence, we have 
Eo[to] JJ-v Eo[Eo'[Sk.t'Q]] and ti J|v Ei[Ei'[Sk.t[]], and we want to prove that 
{t'o{Xx.{k' Eo[Eo'[x]])/k}) TZ {t[{Xx.{k' Ei [Ei'[x]])/k}) holds. Because Eo[y] TZ 

^NF 

El [y], we have Xy.k' Eo[y] TZ Xy.k' Ei [y] {**). Using (*) and (**), we have 
{t[,{Xx.{{Xy.y E„[y]) Eo'[x])/k]) TZ {t'^{Xx.{{Xy.k' Ei[y]) Ei'[x])/k}) by substi- 
tutivity of TZ. By Lemma 6, we have 

{t'^iXx.ik' Eo[Eo'[x]])/k}) ^ {t'^{Xx.{{Xy.k' Eo[y]) Eo'[x])/k}) 
{t[{Xx.{k' El [Ei'[x]])/k}) « {t[{Xx.{{Xy.k' Ei [y]) Ei'[x])/k}), 
which means that {t'Q{\x.{k' Eo[Eo'[x\\) /k}) ^TZ^ {t[{Xx.{k' Ei[E/[x]])/k}) 
holds. We have then the required result because ~Tl^CTZ. ^ 

Assume Fo\{EoM)] ^ Fi[{Ei[ti])] with Fo[x] TZ Fi[xl Eo[x] U Ei[x] {x 
fresh), and TZ ti. Moreover, suppose to Jj-v v'q, Eo[v'q[ Eo'[Sk.t'Q], and 
Fo[{Eo' [Sk.tQ])] H-v vq. By the induction hypothesis, there exists v'l such that 

ti H-v v[ and v'q U^^^ v[. We have Ei [ti] -)■* Ei [v[] and Eo[v'q] U Ei [v[]. Be- 
cause Fq \{Eo'\Sk.t'i^)] Jj-v Wo takes at least one step (corresponding to the capture 
of Eg' by shift), we know that the evaluation Eo[v'q\ -IJ-v Eo'[Sk.t'Q\ is in m — 1 
steps or less. Therefore, by the induction hypothesis, there exists Ei' , t'l such 
that Ei[v[] 4v Ei'[Sk.t[] and {t'o{Xy.{k' Eo'[y])/k}) U {t[{Xy.{k' Ei'[y])/k}) 

~RNF ~ 

for fresh y and k . Because Xz.z TZ Xz.z and 7Z is substitutive, we have 
{t'o{Xy.{{Xz.z) Eo'[y])/k}) TZ {t[{Xy.{{Xz.z) Ei'[y])/k}). Using Lemma 6, we ob- 
tain 

{t'„{Xy.{{Xz.z) Eo'[y])/k}) ~ {t'„{Xy.{Eo'[y])/k}) 
{t[{Xy.{{Xz.z) EAy])/k}) « {t[{Xy.{E/[y])/k}). 

Consequently, we have {t'„{Xy.{Eo'[y]) /k}) k.TZ^ {t'-^{Xy.{Ei'[y\) /k}), and be- 
cause ^TZ^CTZ, we have {t'Q{Xy.{Eo'[y])/k}) TZ {t[{Xy.{E/[y])/k}). From here, 
the proof is the same as in the corresponding case of the proof of Lemma 12. □ 